[syslog-ng] log for patterns

Balint Kovacs balint.kovacs at balabit.com
Fri Sep 2 11:16:54 CEST 2011


Something like this? ;)

Balint

On 09/01/2011 06:28 PM, Martin Holste wrote:
> If there's not one already, Apache common log format would be worthwhile.
>
> On Thu, Sep 1, 2011 at 3:52 AM, Peter Czanik <czanik at balabit.hu> wrote:
>> Hello,
>>
>> While my previous post was about Windows, we did not forget about our
>> UNIX/Linux users :) I'd like to extend our pattern database with new
>> patterns. So I have some related questions:
>>
>> - Until now we dealt mostly with login/logout events of different
>> applications, as this is some of the most interesting information on
>> servers. Is it OK with you, or should we also cover other events? (Which?)
>>
>> - Which applications are you mostly interested in?
>>
>> - Creating logs in a "lab" environment just for pattern creation is very
>> time consuming. It would be very helpful for us if you could send logs
>> in exchange for patterns. Just make sure that there is no sensitive
>> data left in the logs, as the result will be published to make it
>> available for the whole syslog-ng community.
>> I published a blog (
>> http://czanik.blogs.balabit.com/2010/11/log-sample-collecting-project/
>> ), how I collect logs for pattern creation, but of course, any logs are
>> welcome!
>>
>> Bye,
>>
>> --
>> Peter Czanik (CzP) <czanik at balabit.hu>
>> BalaBit IT Security / syslog-ng upstream
>> http://czanik.blogs.balabit.com/
>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apacheclf.xml
Type: text/xml
Size: 3396 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20110902/b74702f3/attachment.bin 

